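/**
 * Authenticates the current request, either through the built-in login form
 * or through an external (realm-based) authenticator.
 *
 * Built-in mode (no realm configured, or externalAuth() reports nothing):
 * the user name is read from $_REQUEST['u'] and the password from $_POST['p'];
 * if either is missing the request counts as a logout and false is returned.
 *
 * External mode: an explicitly empty 'u' parameter is a remote logout, which
 * answers 401 with the realm challenge, renders the logout template and
 * returns null. Otherwise the credentials supplied by externalAuth() are used.
 *
 * @return mixed whatever userLogin() returns for the collected credentials
 *   (false on rejection, judging from the check below; on success the
 *   'email' entry is filled in from the credential source when the login
 *   record lacks one), false when no login was attempted, or null after a
 *   remote logout.
 */
function authenticate()
{
    // $db was previously imported here but never used in this function
    global $authRealm, $style;
    // remote (realm-based) authentication is in use whenever a realm is configured
    $rmt = $authRealm != false;
    $extAuth = externalAuth();
    if (!$rmt || $extAuth === false) {
        // built-in authentication attempt
        if (empty($_REQUEST['u']) || !isset($_POST['p'])) {
            // simple logout
            return false;
        }
        // NOTE(review): the user name is accepted from $_REQUEST (query string,
        // body or cookie) while the password must come from the POST body;
        // confirm the login form really needs the wider source for 'u'.
        $authData = ["user" => $_REQUEST['u'], "pass" => $_POST['p'], "email" => false];
    } else {
        // external authentication
        if (isset($_REQUEST['u']) && empty($_REQUEST['u'])) {
            // remote logout: answer with the realm challenge and the logout page
            header('HTTP/1.0 401 Unauthorized');
            header('WWW-Authenticate: Basic realm="' . $authRealm . '"');
            includeTemplate("{$style}/include/rmtlogout.php");
            return null;
        }
        // presumably carries 'user', 'pass' and 'email' keys — verify against externalAuth()
        $authData = $extAuth;
    }
    // look the user up with the collected credentials
    $DATA = userLogin($authData["user"], $authData["pass"], $rmt, $authData["email"]);
    // fall back to the email address from the credential source when the login record has none
    if ($DATA !== false && empty($DATA["email"])) {
        $DATA['email'] = $authData["email"];
    }
    return $DATA;
}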
// download ticket system include "include/init.php"; require_once "include/admfuncs.php"; require_once "include/entry.php"; // server checks if (!isset($_SERVER["PATH_INFO"])) { logError("missing PATH_INFO, cannot continue"); httpBadRequest(); } // ContentType is always JSON header("Content-Type: application/json"); // authentication $rmt = $authRealm != false; if (isset($_SERVER['HTTP_X_AUTHORIZATION'])) { $extAuth = externalAuth(); $authData = httpBasicDecode($_SERVER['HTTP_X_AUTHORIZATION']); if ($rmt || $extAuth !== false) { // enforce double auth/consistency when using remote authentication if ($authData === false || $extAuth === false || $authData["user"] !== $extAuth["user"] || $extAuth["pass"] !== false && $authData["pass"] !== $extAuth["pass"]) { logError('inconsistent double authorization token'); unset($authData); } } } if (isset($authData)) { if (empty($authData["user"]) || !$rmt && empty($authData["pass"])) { logError('missing credentials'); httpUnauthorized(); } $auth = userLogin($authData["user"], $authData["pass"], $rmt);